# This is just an example client config - vpnfailsafe should work with any
# configuration that doesn't require ipv6.
#
# Review notes: the cryptographic settings below (cipher, tls-cipher,
# compression) must match what the server accepts, so treat them as a starting
# point and confirm each one against the server configuration.
client
dev tun
proto udp
# Two equivalent servers; remote-random picks the order at random.
remote-random
remote server1.example.org 1194
remote server2.example.org 1194
# AES-256-CBC is not an AEAD mode, so packet integrity depends on the separate
# HMAC chosen by `auth'. No `auth' line is set here, so OpenVPN's default
# digest applies. Where both peers support it, an AEAD cipher such as
# AES-256-GCM is preferable; on OpenVPN 2.5 and later the negotiable list is
# set with `data-ciphers'.
cipher AES-256-CBC
# Omitting route-noexec, or even using `redirect-gateway def1' should make no
# practical difference, but this prevents the error message about existing
# routes from appearing.
# With route-noexec OpenVPN does not add pushed routes itself; they are handed
# to the up script instead (presumably vpnfailsafe.sh installs them - confirm
# against the script).
route-noexec
nobind
# Keep the key material and the tun device across restarts (e.g. the restart
# triggered by ping-restart below).
persist-key
persist-tun
# Set to `no' to mitigate the Voracle vulnerability. This setting may, or may
# not work depending on server configuration. Set to `adaptive', or `yes' if
# errors occur.
# Caveat: `adaptive' or `yes' turns compression back on and with it the
# VORACLE exposure; fixing the server side so that `no' works is the safer
# route. comp-lzo is deprecated in newer OpenVPN releases, and 2.5 and later
# also provide `allow-compression no'.
comp-lzo no
verb 3
# Requires the peer certificate to carry server key usage. It does not pin
# which server: any server certificate issued by the CA in `ca' is accepted.
# `verify-x509-name' can additionally bind the connection to the expected
# subject name.
remote-cert-tls server
# Restart the connection if nothing is received from the server for 60 seconds.
ping-restart 60
# Ignore ipv6 configuration pushed by the server to prevent failure when ipv6
# is disabled in the system.
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
# Level 2 is needed so that OpenVPN may run the user-defined up/down script.
# This config sets no `user'/`group', so the script runs with the privileges
# OpenVPN was started with (typically root). Keep vpnfailsafe.sh and its
# directory owned by root and not writable by anyone else.
script-security 2
up /etc/openvpn/vpnfailsafe.sh
down /etc/openvpn/vpnfailsafe.sh
# Silences replay warnings, which are usually caused by packet duplication or
# reordering on UDP. Note that it also hides the log evidence of a genuine
# replay attempt; replayed packets are still dropped.
mute-replay-warnings
# Send a keepalive every 10 seconds when the link is otherwise idle.
ping 10
# CA certificate, client certificate and client private key. The private key
# should be readable by root only (e.g. mode 0600).
ca /etc/openvpn/ca.crt
cert /etc/openvpn/example.crt
key /etc/openvpn/example.key
# Reject a server certificate that appears on this CRL. The check is only as
# good as the local copy, so the file needs refreshing whenever the CA
# publishes a new list.
crl-verify /etc/openvpn/crl.pem
# NOTE(review): no `tls-auth'/`tls-crypt' key is configured. If the server
# offers one, adding it protects the control channel against unauthenticated
# packets.
tls-version-min 1.2
# Control-channel suites for TLS 1.2 and below (TLS 1.3 suites are set with
# `tls-ciphersuites'). All four use DHE-RSA key exchange, so forward secrecy
# is kept. Only the first is an AEAD (GCM) suite; the rest are CBC suites with
# a separate SHA-256 or SHA-1 MAC and could be dropped if the server supports
# the GCM suite.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA